From owner-svn-ports-all@freebsd.org Thu Apr 14 01:55:47 2016 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 334A1B0FE00; Thu, 14 Apr 2016 01:55:47 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E99EF1BE2; Thu, 14 Apr 2016 01:55:46 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u3E1tkMj082722; Thu, 14 Apr 2016 01:55:46 GMT (envelope-from junovitch@FreeBSD.org) Received: (from junovitch@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u3E1tjfA082714; Thu, 14 Apr 2016 01:55:45 GMT (envelope-from junovitch@FreeBSD.org) Message-Id: <201604140155.u3E1tjfA082714@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: junovitch set sender to junovitch@FreeBSD.org using -f From: Jason Unovitch Date: Thu, 14 Apr 2016 01:55:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r413238 - in branches/2016Q2: . net/samba42 net/samba42/files net/samba43 net/samba43/files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Apr 2016 01:55:47 -0000 Author: junovitch Date: Thu Apr 14 01:55:45 2016 New Revision: 413238 URL: https://svnweb.freebsd.org/changeset/ports/413238 Log: MFH: r413163 r413173 r413163 Update Samba ports to versions 4.2.11 and 4.3.8 respectivelly, to address BadLock vulnerability(http://badlock.org). r413173 Add a note about configuration changes in the Samba ports due to BadLock vulnerability. Security: CVE-2015-5370 Security: CVE-2016-2110 Security: CVE-2016-2111 Security: CVE-2016-2112 Security: CVE-2016-2113 Security: CVE-2016-2114 Security: CVE-2016-2115 Security: CVE-2016-2118 Security: https://vuxml.FreeBSD.org/freebsd/a636fc26-00d9-11e6-b704-000c292e4fd8.html Approved by: ports-secteam (with hat) Added: branches/2016Q2/net/samba43/files/extra-patch-progress - copied unchanged from r413163, head/net/samba43/files/extra-patch-progress Deleted: branches/2016Q2/net/samba42/files/extra-patch-security branches/2016Q2/net/samba43/files/extra-patch-security Modified: branches/2016Q2/UPDATING branches/2016Q2/net/samba42/Makefile branches/2016Q2/net/samba42/distinfo branches/2016Q2/net/samba42/pkg-plist branches/2016Q2/net/samba43/Makefile branches/2016Q2/net/samba43/distinfo branches/2016Q2/net/samba43/pkg-plist Directory Properties: branches/2016Q2/ (props changed) Modified: branches/2016Q2/UPDATING ============================================================================== --- branches/2016Q2/UPDATING Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/UPDATING Thu Apr 14 01:55:45 2016 (r413238) @@ -5,6 +5,31 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20160412: + AFFECTS: Users of net/samba42 and net/samba/43 + AUTHOR: timur@FreeBSD.org + + Samba 4.2.x and 4.3.x ports have been updated to address + BadLock(http://badlock.org) vulnerability, as well as few other + discovered. + + Please note that Samba 4.1.x and older versions are also affected by + the issues fixed with this release but are not supported anymore. It is + strongly recommend to upgrade to a recent version at your earliest + convenience. + + The security updates include new smb.conf options and a number of + stricter behaviours to prevent Man in the Middle attacks. Between these + changes, compatibility with a large number of older software versions + has been lost in the default configuration. + + For more information about the related behaviour changes and the + security issues please visit: + + https://www.samba.org/samba/latest_news.html#4.4.2 + https://www.samba.org/samba/history/samba-4.3.8.html + https://www.samba.org/samba/history/samba-4.2.11.html + 20160404: AFFECTS: mail/spamassassin AUTHOR: adamw@FreeBSD.org Modified: branches/2016Q2/net/samba42/Makefile ============================================================================== --- branches/2016Q2/net/samba42/Makefile Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba42/Makefile Thu Apr 14 01:55:45 2016 (r413238) @@ -3,7 +3,7 @@ PORTNAME?= ${SAMBA4_BASENAME}42 PORTVERSION?= ${SAMBA4_VERSION} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -15,11 +15,11 @@ LICENSE= GPLv3 CONFLICTS?= *samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba43-4.3.* -EXTRA_PATCHES= ${PATCHDIR}/extra-patch-security:-p1 +#EXTRA_PATCHES= ${PATCHDIR}/extra-patch-security:-p1 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.2.7 +SAMBA4_VERSION= 4.2.11 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} Modified: branches/2016Q2/net/samba42/distinfo ============================================================================== --- branches/2016Q2/net/samba42/distinfo Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba42/distinfo Thu Apr 14 01:55:45 2016 (r413238) @@ -1,2 +1,2 @@ -SHA256 (samba-4.2.7.tar.gz) = f586ab3166ce4c663360f15b1de24ef083816a5471856e3ad49bc26b35f0104a -SIZE (samba-4.2.7.tar.gz) = 20741971 +SHA256 (samba-4.2.11.tar.gz) = 75bce53c922e51352933c9846f2c4b1e251fabb80927adb426a773a321ee01f8 +SIZE (samba-4.2.11.tar.gz) = 20875348 Modified: branches/2016Q2/net/samba42/pkg-plist ============================================================================== --- branches/2016Q2/net/samba42/pkg-plist Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba42/pkg-plist Thu Apr 14 01:55:45 2016 (r413238) @@ -1,4 +1,3 @@ -bin/async_connect_send_test bin/cifsdd bin/dbwrap_tool bin/eventlogadm @@ -672,6 +671,7 @@ lib/shared-modules/vfs/zfsacl.so %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/bare.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/dnsserver.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/misc.py +%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_protocol.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/registry.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpc_talloc.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpcecho.py @@ -683,7 +683,7 @@ lib/shared-modules/vfs/zfsacl.so %%PYTHON_SITELIBDIR%%/samba/tests/docs.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py %%PYTHON_SITELIBDIR%%/samba/tests/gensec.py -%%PYTHON_SITELIBDIR%%/samba/tests/getopt.py +%%PYTHON_SITELIBDIR%%/samba/tests/get_opt.py %%PYTHON_SITELIBDIR%%/samba/tests/hostconfig.py %%PYTHON_SITELIBDIR%%/samba/tests/libsmb_samba_internal.py %%PYTHON_SITELIBDIR%%/samba/tests/messaging.py Modified: branches/2016Q2/net/samba43/Makefile ============================================================================== --- branches/2016Q2/net/samba43/Makefile Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba43/Makefile Thu Apr 14 01:55:45 2016 (r413238) @@ -3,7 +3,7 @@ PORTNAME?= ${SAMBA4_BASENAME}43 PORTVERSION?= ${SAMBA4_VERSION} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES?= net MASTER_SITES= SAMBA/samba/stable SAMBA/samba/rc DISTNAME= ${SAMBA4_DISTNAME} @@ -15,11 +15,11 @@ LICENSE= GPLv3 CONFLICTS?= *samba3[2-6]-3.* samba4-4.0.* samba41-4.1.* samba42-4.2.* -EXTRA_PATCHES= ${PATCHDIR}/extra-patch-security:-p1 +EXTRA_PATCHES= ${PATCHDIR}/extra-patch-progress:-p1 SAMBA4_BASENAME= samba SAMBA4_PORTNAME= ${SAMBA4_BASENAME}4 -SAMBA4_VERSION= 4.3.3 +SAMBA4_VERSION= 4.3.8 SAMBA4_DISTNAME= ${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|} WRKSRC?= ${WRKDIR}/${DISTNAME} @@ -430,7 +430,7 @@ SAMBA_MAN7+= samba.7 winbind_krb5_locat SAMBA_MAN8+= eventlogadm.8 idmap_ad.8 idmap_autorid.8 idmap_hash.8 \ idmap_ldap.8 idmap_nss.8 idmap_rfc2307.8 idmap_rid.8 \ idmap_tdb.8 idmap_tdb2.8 net.8 nmbd.8 pam_winbind.8 pdbedit.8 \ - samba-regedit.8 samba-tool.8 samba.8 smbd.8 smbpasswd.8 \ + samba-regedit.8 samba-tool.8 samba.8 smbd.8 smbpasswd.8 smbspool_krb5_wrapper.8 \ smbspool.8 smbta-util.8 vfs_acl_tdb.8 vfs_acl_xattr.8 \ vfs_aio_fork.8 vfs_aio_linux.8 vfs_aio_pthread.8 \ vfs_audit.8 vfs_cacheprime.8 vfs_cap.8 vfs_catia.8 vfs_ceph.8 \ Modified: branches/2016Q2/net/samba43/distinfo ============================================================================== --- branches/2016Q2/net/samba43/distinfo Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba43/distinfo Thu Apr 14 01:55:45 2016 (r413238) @@ -1,2 +1,2 @@ -SHA256 (samba-4.3.3.tar.gz) = e62d21313acbb29e24b0b80aaf2b63fdd1ccce4cfb741f333deca95a1a3a70df -SIZE (samba-4.3.3.tar.gz) = 20427281 +SHA256 (samba-4.3.8.tar.gz) = 379dc66c3a0a483bf5bed37be6e5d182934db7c4102b21929a6c4602b32b2b10 +SIZE (samba-4.3.8.tar.gz) = 20568773 Copied: branches/2016Q2/net/samba43/files/extra-patch-progress (from r413163, head/net/samba43/files/extra-patch-progress) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/net/samba43/files/extra-patch-progress Thu Apr 14 01:55:45 2016 (r413238, copy of r413163, head/net/samba43/files/extra-patch-progress) @@ -0,0 +1,31 @@ +diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c +index c65fb08..13713fc 100644 +--- a/source3/passdb/pdb_ldap.c ++++ b/source3/passdb/pdb_ldap.c +@@ -1005,7 +1005,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, + entry, + "gecos", + ctx); +- if (unix_pw.pw_gecos) { ++ if (unix_pw.pw_gecos==NULL) { + unix_pw.pw_gecos = fullname; + } + unix_pw.pw_dir = smbldap_talloc_single_attribute( +@@ -1013,7 +1013,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, + entry, + "homeDirectory", + ctx); +- if (unix_pw.pw_dir) { ++ if (unix_pw.pw_dir==NULL) { + unix_pw.pw_dir = discard_const_p(char, ""); + } + unix_pw.pw_shell = smbldap_talloc_single_attribute( +@@ -1021,7 +1021,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state, + entry, + "loginShell", + ctx); +- if (unix_pw.pw_shell) { ++ if (unix_pw.pw_shell==NULL) { + unix_pw.pw_shell = discard_const_p(char, ""); + } + Modified: branches/2016Q2/net/samba43/pkg-plist ============================================================================== --- branches/2016Q2/net/samba43/pkg-plist Thu Apr 14 01:54:02 2016 (r413237) +++ branches/2016Q2/net/samba43/pkg-plist Thu Apr 14 01:55:45 2016 (r413238) @@ -1,4 +1,3 @@ -bin/async_connect_send_test bin/cifsdd bin/dbwrap_tool bin/eventlogadm @@ -625,6 +624,7 @@ lib/shared-modules/vfs/zfsacl.so %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/dnsserver.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/integer.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/misc.py +%%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/raw_protocol.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/registry.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpc_talloc.py %%PYTHON_SITELIBDIR%%/samba/tests/dcerpc/rpcecho.py @@ -636,7 +636,7 @@ lib/shared-modules/vfs/zfsacl.so %%PYTHON_SITELIBDIR%%/samba/tests/docs.py %%PYTHON_SITELIBDIR%%/samba/tests/dsdb.py %%PYTHON_SITELIBDIR%%/samba/tests/gensec.py -%%PYTHON_SITELIBDIR%%/samba/tests/getopt.py +%%PYTHON_SITELIBDIR%%/samba/tests/get_opt.py %%PYTHON_SITELIBDIR%%/samba/tests/hostconfig.py %%PYTHON_SITELIBDIR%%/samba/tests/kcc/__init__.py %%PYTHON_SITELIBDIR%%/samba/tests/kcc/graph.py @@ -839,8 +839,9 @@ man/man8/samba-tool.8.gz man/man8/samba.8.gz man/man8/smbd.8.gz man/man8/smbpasswd.8.gz -man/man8/smbspool.8.gz man/man8/smbta-util.8.gz +man/man8/smbspool_krb5_wrapper.8.gz +man/man8/smbspool.8.gz man/man8/vfs_acl_tdb.8.gz man/man8/vfs_acl_xattr.8.gz man/man8/vfs_aio_fork.8.gz